Which of the following is an example of passive information gathering?

Passive information gathering is a method used to collect data about a target without directly interacting with the target's systems, thus minimizing the likelihood of detection. Locating an organization's web presence is a prime example of passive information gathering since it involves researching publicly available information, such as the organization's website, social media profiles, and online presence without triggering alerts or notifications.

This approach relies on existing data, such as domain registration records, search engines, and other public resources, to compile information about the organization's operations or structure. It is often the first step in information security assessments and helps to build a profile of the organization naturally.

On the other hand, identifying valid email addresses may include some level of active probing, as it might involve validation techniques to ensure accuracy. Examining SMTP headers often requires direct engagement with the email system, which can cross into active data gathering. Performing zone transfers is an active reconnaissance technique that involves querying DNS servers for a complete list of domain records, directly interacting with the target that's being assessed. Thus, they do not exemplify passive information gathering in the same context as locating an organization's web presence does.